The need for network security today is beyond question. Not only are there thieves intent on stealing valuable data and putting it to their own misuse, computer networks must also be made secure against the many pranksters who would introduce viruses and generally try to cause trouble for reasons more arcane or obtuse.
The need for simple security measures has been apparent essentially since the inception of computers. Before computers were hooked together into networks, physical security (keeping unauthorized users away from the computer) was generally deemed adequate. Passwords, often supplemented the physical security, were initially used as essentially the only means of computer based security, even after computers were linked together in:o private local and wide area networks. But the devious nature of the human mind is such that many view a locked door as a challenge rather than as a barrier which should not be passed. Inevitably, people with less than honorable intentions learned to bypass passwords and other such simple security devices. In response, improved security devices and methods were implemented and, in turn, in response to that there were developed means and methods to defeat the improved security.
With the advent of the internet, the traditional security concerns have yet another aspect. When a computer system is connected to and interacting with the internet, it is no longer possible to deny access outright to the outside world, or to limit such access to a select few users with whom elaborate individual security measures can be taken. By definition, a computer network which interfaces with the internet is connected to every other computer and network on the internet. The only things preventing unauthorized access are the security measures employed by the individual networks. A rather thorough discussion of the need for and history of computer security is found in Computer Security Basics by Deborah Russell and G. T. Gangemi Sr., published by O'Reilly & Associates, Inc.
In short, in considering computer network security in relation to the internet, two of the important aspects are generally in opposition. Securing the confidentiality of data is important, but so is maintaining the availability of the network and data therein to authorized users. In a very narrow sense, the ultimate security would be to disconnect the network front the internet altogether. However, this usually is clearly an unsatisfactory repair, since it negates the useful purposes for which the network was connected to the internet in the first place. Indeed, to disrupt or disconnect the services provided by a network to users who might access it through the internet is, in many respects, to succumb to those "crackers" who would disrupt the effective security and/or operation of the network.
Within a network, various security measures can be put into place to create what is referred to as a "trusted" network. But there is no effective control over the rest of the world such that users accessing a local area network from without, as through the internet, can in any wise be trusted. One way to protect a trusted local area network without completely, cutting off communication to the outside world is to set up a gateway computer (sometimes called a firewall) to isolate local users. Within the security perimeter of the local network, users may be able to communicate freely. However, all messages sent to or from users outside the local area network must pass through the firewall computer, or set of computers, which will check, route, and frequently label all information that passes through it. A firewall can be a conventional computer running specific firewall software, or a dedicated computer device specifically constructed or configured as a firewall. The firewall can be dedicated solely to performing the firewall functions, or it can also perform additional functions such as packet routing, or the like, in addition to its firewall functions.
As can be appreciated in light of the above discussion, there is no such thing as a completely secure system. The best that can be hoped for is to stay one step ahead of those persons who would circumvent existing security measures. Accordingly, those who use firewalls are consistently attempting to update the programming of the firewall such that new methods for penetrating the firewall will be detected and abated. A well known recent program named "Satan", which was produced and made public by Dan Farmer, has a script of known methods by which network security can be breached, and Satan goes through this script attempting to break into a network. Satan was developed to perform a good faith security check on systems, and that is why it was made publicly available. A program named "Gabriel" has been developed to recognize a Satan attack and to alert the system to such an attack. This is illustrative of the fact that a firewall can be programmed to recognize a known type of attack on the system. The firewall can also be programmed to block access to a recognized attacker.
To the inventor's knowledge, the firewall systems described above represent the current state of the art in network security devices. Such firewalls are quite effective at detecting and blocking the particular types of network security breach attempts which are anticipated in the configuration and programming of the firewall. More specifically, such firewalls will block data packets according to the specific set of rules that is programmed into the firewall. Examples of such rules are; that a packet has to be addressed to a valid machine on the network, that the packet cannot purport to be from a machine on the network, and that packet addresses cannot be any of the known invalid addresses.
Despite their effectiveness for their intended purpose, known prior art firewalls will not provide the sort of flexibility which may be needed in the future. In particular, existing firewalls are not readily adaptable to provide a variety of responses based upon dynamically modified information. Moreover, existing firewalls are subject to breach by any new and unique methods for circumventing security, at least until the programming of such a firewall is modified to block such new methods.
A U.S. Pat. No. 5,606,668, issued to Shwed, teaches a method for easily programming a firewall. While Shwed provides a very useful invention, in that it allows a firewall to be easily and quickly reprogrammed as necessary, it does not address the problem that it is litereally impossible to detect many sophisticated intrusion attempts by examining packets one at a time. That is, there may seemingly be nothing about any single packet which might alert an observer to the fact that something is amiss with a series of communications. Nor does Shwed teach or predict a controller which will directly dynamically control a firewall without operator intervention. That is, although the Shwed invention provides a significant improvement, with the exception of the improved programming method, the invention taught by Shwed provides a programmed packet filter which is not different from the prior art.